zlacker
[return to "Notepad++ hijacked by state-sponsored actors"]
◧
1. tech23+V3
[view]
[source]
2026-02-02 02:39:08
>>myster+(OP)
Notably Notepad++ was recently shipping unsigned/self-signed updates, apparently overlapping with the time of this incident, see releases 8.8.2-8.8.6:
https://notepad-plus-plus.org/news/
◧◩
2. bakugo+F4
[view]
[source]
2026-02-02 02:48:43
>>tech23+V3
So they just conveniently decided not to sign their releases right around the time they were supposedly "hacked"?
Something doesn't seem right here.
◧◩◪
3. adzm+d6
[view]
[source]
2026-02-02 03:04:14
>>bakugo+F4
Code signing certs are unfortunately expensive
◧◩◪◨
4. firest+58
[view]
[source]
2026-02-02 03:20:21
>>adzm+d6
$700+ at Sectigo for two years
Something of Notepad++ size might think about it now
◧◩◪◨⬒
5. hjoutf+tu
[view]
[source]
2026-02-02 07:36:22
>>firest+58
the issue was not the money, but that it was difficult to get a certificate without having some sort of legal entity
◧◩◪◨⬒⬓
6. Chaosv+zab
[view]
[source]
2026-02-05 01:35:48
>>hjoutf+tu
It was negligence. You don't need a certificate to prevent update tampering.
[go to top]